* Also, if there's no User-Name attribute, we can't
* proxy it, either.
*/
+#ifdef WITH_PROXY
if ((request->proxy != NULL) ||
(request->username == NULL)) {
- DEBUG2(" rlm_realm: Proxy reply, or no User-Name. Ignoring.");
- return 0;
+ RDEBUG2("Proxy reply, or no User-Name. Ignoring.");
+ return RLM_MODULE_OK;
}
+#endif
/*
* Check for 'Realm' attribute. If it exists, then we've proxied
* it already ( via another rlm_realm instance ) and should return.
*/
- if ( (vp = pairfind(request->packet->vps, PW_REALM)) != NULL ) {
- DEBUG2(" rlm_realm: Request already proxied. Ignoring.");
- return 0;
+ if (pairfind(request->packet->vps, PW_REALM, 0) != NULL ) {
+ RDEBUG2("Request already proxied. Ignoring.");
+ return RLM_MODULE_OK;
}
/*
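Review bot: Wrapping the whole test in `#ifdef WITH_PROXY` also compiles out the `request->username == NULL` check, so a build without WITH_PROXY has no guard before the `request->username->vp_strvalue` and `request->username->attribute` reads visible further down this diff. A request that carries no User-Name would then dereference a NULL pointer in the server process. Only the `request->proxy` half needs to be conditional; the User-Name test should stay unconditional, as sketched below. check_for_realm starts above this hunk, so any earlier guard is not visible here.

```c
	if ((request->username == NULL)
#ifdef WITH_PROXY
	    || (request->proxy != NULL)
#endif
	    ) {
		/* … unchanged: RDEBUG2 message and return RLM_MODULE_OK … */
	}
```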
* what's going on.
*/
if (realmname) {
- DEBUG2(" rlm_realm: Looking up realm \"%s\" for User-Name = \"%s\"",
+ RDEBUG2("Looking up realm \"%s\" for User-Name = \"%s\"",
realmname, request->username->vp_strvalue);
} else {
if( inst->ignore_null ) {
- DEBUG2(" rlm_realm: No '%c' in User-Name = \"%s\", skipping NULL due to config.",
+ RDEBUG2("No '%c' in User-Name = \"%s\", skipping NULL due to config.",
inst->delim[0], request->username->vp_strvalue);
- return 0;
+ return RLM_MODULE_NOOP;
}
- DEBUG2(" rlm_realm: No '%c' in User-Name = \"%s\", looking up realm NULL",
+ RDEBUG2("No '%c' in User-Name = \"%s\", looking up realm NULL",
inst->delim[0], request->username->vp_strvalue);
}
*/
realm = realm_find(realmname);
if (!realm) {
- DEBUG2(" rlm_realm: No such realm \"%s\"",
+ RDEBUG2("No such realm \"%s\"",
(realmname == NULL) ? "NULL" : realmname);
- return 0;
+ return RLM_MODULE_NOOP;
}
if( inst->ignore_default &&
(strcmp(realm->name, "DEFAULT")) == 0) {
- DEBUG2(" rlm_realm: Found DEFAULT, but skipping due to config.");
- return 0;
+ RDEBUG2("Found DEFAULT, but skipping due to config.");
+ return RLM_MODULE_NOOP;
}
- DEBUG2(" rlm_realm: Found realm \"%s\"", realm->name);
+ RDEBUG2("Found realm \"%s\"", realm->name);
/*
* If we've been told to strip the realm off, then do so.
*/
if (request->username->attribute != PW_STRIPPED_USER_NAME) {
vp = radius_paircreate(request, &request->packet->vps,
- PW_STRIPPED_USER_NAME,
+ PW_STRIPPED_USER_NAME, 0,
PW_TYPE_STRING);
- DEBUG2(" rlm_realm: Adding Stripped-User-Name = \"%s\"", username);
+ RDEBUG2("Adding Stripped-User-Name = \"%s\"", username);
} else {
vp = request->username;
- DEBUG2(" rlm_realm: Setting Stripped-User-Name = \"%s\"", username);
+ RDEBUG2("Setting Stripped-User-Name = \"%s\"", username);
}
strcpy(vp->vp_strvalue, username);
request->username = vp;
}
- DEBUG2(" rlm_realm: Proxying request from user %s to realm %s",
- username, realm->name);
-
/*
* Add the realm name to the request.
+ * If the realm is a regex, the use the realm as entered
+ * by the user. Otherwise, use the configured realm name,
+ * as realm name comparison is case insensitive. We want
+ * to use the configured name, rather than what the user
+ * entered.
*/
- pairadd(&request->packet->vps, pairmake("Realm", realm->name,
+ if (realm->name[0] != '~') realmname = realm->name;
+ pairadd(&request->packet->vps, pairmake("Realm", realmname,
T_OP_EQ));
- DEBUG2(" rlm_realm: Adding Realm = \"%s\"", realm->name);
+ RDEBUG2("Adding Realm = \"%s\"", realmname);
/*
* Figure out what to do with the request.
*/
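Review bot: With the new `if (realm->name[0] != '~') realmname = realm->name;`, a realm whose name starts with `~` leaves `realmname` exactly as parsed from the request, and the lookup earlier in this diff shows it can be NULL (`(realmname == NULL) ? "NULL" : realmname`). If realm_find can return a regex realm for a NULL name (not visible here), NULL would reach `pairmake("Realm", ...)` and the `%s` in RDEBUG2; `if ((realm->name[0] != '~') || !realmname) realmname = realm->name;` closes that. The block comment should also state that for regex realms the Realm attribute carries client-supplied text, so policies comparing Realm cannot treat it as a configured value; it also has a typo, "the use" for "then use".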
switch (request->packet->code) {
default:
- DEBUG2(" rlm_realm: Unknown packet code %d\n",
+ RDEBUG2("Unknown packet code %d\n",
request->packet->code);
- return 0; /* don't do anything */
+ return RLM_MODULE_OK; /* don't do anything */
/*
* Perhaps accounting proxying was turned off.
*/
case PW_ACCOUNTING_REQUEST:
if (!realm->acct_pool) {
- DEBUG2(" rlm_realm: Accounting realm is LOCAL.");
- return 0;
+ RDEBUG2("Accounting realm is LOCAL.");
+ return RLM_MODULE_OK;
}
break;
*/
case PW_AUTHENTICATION_REQUEST:
if (!realm->auth_pool) {
- DEBUG2(" rlm_realm: Authentication realm is LOCAL.");
- return 0;
+ RDEBUG2("Authentication realm is LOCAL.");
+ return RLM_MODULE_OK;
}
break;
}
+#ifdef WITH_PROXY
+ RDEBUG2("Proxying request from user %s to realm %s",
+ username, realm->name);
+
/*
* Skip additional checks if it's not an accounting
* request.
*/
if (request->packet->code != PW_ACCOUNTING_REQUEST) {
*returnrealm = realm;
- return 0;
+ return RLM_MODULE_UPDATED;
}
/*
* that has already proxied the request, we don't need to do
* it again.
*/
- vp = pairfind(request->packet->vps, PW_FREERADIUS_PROXIED_TO);
+ vp = pairfind(request->packet->vps, PW_FREERADIUS_PROXIED_TO, 0);
if (vp && (request->packet->src_ipaddr.af == AF_INET)) {
int i;
- lrad_ipaddr_t my_ipaddr;
+ fr_ipaddr_t my_ipaddr;
my_ipaddr.af = AF_INET;
my_ipaddr.ipaddr.ip4addr.s_addr = vp->vp_ipaddr;
* send it there again.
*/
for (i = 0; i < realm->acct_pool->num_home_servers; i++) {
- if (lrad_ipaddr_cmp(&realm->acct_pool->servers[i]->ipaddr,
+ if (fr_ipaddr_cmp(&realm->acct_pool->servers[i]->ipaddr,
&my_ipaddr) == 0) {
- DEBUG2("Suppressing proxy due to FreeRADIUS-Proxied-To");
- return 0;
+ RDEBUG2("Suppressing proxy due to FreeRADIUS-Proxied-To");
+ return RLM_MODULE_OK;
}
}
* send it there again.
*/
for (i = 0; i < realm->acct_pool->num_home_servers; i++) {
- if ((lrad_ipaddr_cmp(&realm->acct_pool->servers[i]->ipaddr,
+ if ((fr_ipaddr_cmp(&realm->acct_pool->servers[i]->ipaddr,
&request->packet->src_ipaddr) == 0) &&
(realm->acct_pool->servers[i]->port == request->packet->src_port)) {
- DEBUG2("Suppressing proxy because packet was already sent to a server in that realm");
- return 0;
+ RDEBUG2("Suppressing proxy because packet was already sent to a server in that realm");
+ return RLM_MODULE_OK;
}
}
}
+#endif
/*
* We got this far, which means we have a realm, set returnrealm
*/
*returnrealm = realm;
- return 0;
+
+ return RLM_MODULE_UPDATED;
}
/*
*/
static int realm_authorize(void *instance, REQUEST *request)
{
+ int rcode;
REALM *realm;
/*
* If not, return without adding a Proxy-To-Realm
* attribute.
*/
- if (check_for_realm(instance, request, &realm) < 0) {
- return RLM_MODULE_FAIL;
- }
- if (!realm) {
- return RLM_MODULE_NOOP;
- }
+ rcode = check_for_realm(instance, request, &realm);
+ if (rcode != RLM_MODULE_UPDATED) return rcode;
+ if (!realm) return RLM_MODULE_NOOP;
/*
* Maybe add a Proxy-To-Realm attribute to the request.
*/
- DEBUG2(" rlm_realm: Preparing to proxy authentication request to realm \"%s\"\n",
+ RDEBUG2("Preparing to proxy authentication request to realm \"%s\"\n",
realm->name);
add_proxy_to_realm(&request->config_items, realm);
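Review bot: `if (!realm) return RLM_MODULE_NOOP;` looks unreachable after the new rcode test, and `realm` has no initialiser, so this caller relies on an undocumented contract of check_for_realm. In the lines visible in this diff, RLM_MODULE_UPDATED is returned only after `*returnrealm = realm` with a realm that already passed the `if (!realm)` lookup check, and the other visible returns do not write the out-parameter. I would declare `REALM *realm = NULL;` and add a line to check_for_realm's header comment such as `*returnrealm is set only when the return value is RLM_MODULE_UPDATED`. The same three lines are added to realm_preacct further down. realm_authorize continues past this hunk.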
*/
static int realm_preacct(void *instance, REQUEST *request)
{
+ int rcode;
const char *name = (char *)request->username->vp_strvalue;
REALM *realm;
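Review bot: `name` is initialised from `request->username->vp_strvalue` in the declarations, before check_for_realm (called further down in this function) can reject a request with no User-Name, so such a request would dereference NULL here regardless of that check. Declaring `const char *name;` and assigning it only after an explicit `if (!request->username) return RLM_MODULE_NOOP;` avoids this. How `name` is used is outside the hunk, so the assignment may belong after the check_for_realm call instead.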
* If not, return without adding a Proxy-To-Realm
* attribute.
*/
- if (check_for_realm(instance, request, &realm) < 0) {
- return RLM_MODULE_FAIL;
- }
- if (!realm) {
- return RLM_MODULE_NOOP;
- }
-
+ rcode = check_for_realm(instance, request, &realm);
+ if (rcode != RLM_MODULE_UPDATED) return rcode;
+ if (!realm) return RLM_MODULE_NOOP;
/*
* Maybe add a Proxy-To-Realm attribute to the request.
*/
- DEBUG2(" rlm_realm: Preparing to proxy accounting request to realm \"%s\"\n",
+ RDEBUG2("Preparing to proxy accounting request to realm \"%s\"\n",
realm->name);
add_proxy_to_realm(&request->config_items, realm);
module_t rlm_realm = {
RLM_MODULE_INIT,
"realm",
- RLM_TYPE_CHECK_CONFIG_SAFE, /* type */
+ RLM_TYPE_CHECK_CONFIG_SAFE | RLM_TYPE_HUP_SAFE, /* type */
realm_instantiate, /* instantiation */
realm_detach, /* detach */
{